
Only return first line
Some checks failed
Test Python / Test (push) Failing after 29s

Jon Michael Aanes 2024-07-08 00:27:21 +02:00
parent aca9ddfc02
commit 42df8b2909
Signed by: Jmaa
SSH Key Fingerprint: SHA256:Ab0GfHGCblESJx7JRE4fj4bFy/KRpeLhi41y4pF3sNA


@ -24,6 +24,24 @@ Secret loading order:
locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
methods. methods.
4. Vault instance if configured. Suited for production environments. 4. Vault instance if configured. Suited for production environments.
## TODO
- [ ] Mlock secrets to prevent leakage to swap file.
- [ ] Wrap secrets in intelligent strings:
* Instead of returning None on unloaded, return UnknownSecret, that produce
error when formatted.
* `repr(secret)` should not include contents, but only the secret and how
it was loaded.
* Methods on `Secret` should be kept minimal.
- [ ] Vault:
* [ ] Ensure vault code path works.
* [ ] Document usage and requirements.
## License
Copyright 2024 Jon Michael Aanes.
All rights reserved.
""" """
import logging import logging
import os import os
@ -120,7 +138,11 @@ class SecretLoader:
process = subprocess.run(cmd, capture_output = True) process = subprocess.run(cmd, capture_output = True)
if process.returncode: if process.returncode:
return None return None
return process.stdout.decode('utf8')
password_file = process.stdout.decode('utf8')
for line in password_file.split('\n'):
return line
return None
def _load_or_none_vault(self, env_key: str) -> str | None: def _load_or_none_vault(self, env_key: str) -> str | None:
if self.vault_client is None: if self.vault_client is None:
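Review bot: The added loop `for line in password_file.split('\n'): return line` always returns on its first iteration, because `str.split` never yields an empty list, so the trailing `return None` is unreachable. As a result, empty output from the command is handed back as `''` instead of `None`, and a first line ending in `\r` keeps that character in the secret. I would write the intent directly as `lines = password_file.splitlines()` followed by `return lines[0] if lines and lines[0] else None`, assuming an empty first line should count as "not loaded", which the `str | None` return type on the neighbouring loader suggests. The enclosing method starts above this hunk, so the construction of `cmd` is not visible here. The page also shows the Python test check failing for this commit; whether that is related cannot be told from the hunk.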